Friday, February 17, 2017

Industrial cybersecurity in the US national strategy.

Patrick J. Gouhin, Executive Director and CEO of the International Society of Automation (ISA), addressed a Bloomberg LIVE conference in Houston (TX, USA). Speaking on the future of cybersecurity in the US oil and gas sector, he urged energy executives to take action now to protect their facilities and operations from cyberattack.


“Given the increasing number of cyberattacks on oil and gas facilities, the importance of these facilities to the economy and national security, and the fact that there are effective cybersecurity standards for the energy industry available today, the time to act is now—not years in the future,” he emphasised, before an audience of approximately 100 senior technology executives and US government officials.

Gouhin participated in a panel session that examined: the need for solutions that can both prevent a cyberattack from occurring and mitigate the damage if one does occur; and the future of cybersecurity strategies and defenses in the oil and gas industry given the absence of mandated standards and regulations.

He pointed to ISA’s series of industrial automation and control system (IACS) security standards—adopted internationally as ISA/IEC 62443—as a flexible framework for preventing and limiting potentially devastating cyber damage to the industrial systems and networks used in oil and gas facilities and other critical infrastructure.

Developed by leading international cybersecurity experts from industry, government and academia, ISA/IEC 62443 addresses industrial cybersecurity vulnerabilities across all key industry sectors and is regarded as the world’s only consensus-based series of IACS security standards.

IACS, such as supervisory control and data acquisition (SCADA) systems, are relied upon to monitor and control the operation of industrial machinery and associated devices. Because most IACS are not designed to ensure resilience against cyberwarfare, an IACS cyberattack can impair and disable the safe operation of industrial facilities. The consequences—which can include plant shutdowns, widespread power blackouts, explosions, chemical leaks and more—can place national and economic security as well as lives, personal safety and the environment at risk.

ISA’s expertise in industrial cybersecurity standards has been honed through experience. Gouhin pointed out that ISA has been developing industry standards for more than 67 years, with 150 different standards in its portfolio, representing the knowledge of more than 4,000 industry experts worldwide.

Aiding US voluntary plan

He explained that while the US does not legally require implementation of industrial cybersecurity standards and best practices, the government has developed a voluntary plan to follow. The plan, known as the US Cybersecurity Framework, serves as a how-to guide for American industry and operators and owners of critical infrastructure to strengthen their cyber defenses.

Representatives of both ISA and its affiliate, the Automation Federation, served as expert consultants to the US National Institute of Standards and Technology (NIST)—an agency of the US Department of Commerce—as it coordinated the development of the framework. The ISA/IEC 62443 series of IACS security standards are key components of the framework recommendations, which were made public in early 2014.

ISA’s leadership in industrial cybersecurity also prompted the US Army National Guard to select ISA as an industry partner. Last year, ISA provided control systems security training at the National Guard’s Cyber Shield 2016 exercise at Camp Atterbury, Indiana. More than 900 soldiers, airmen, Marines, sailors and civilians representing 47 states and territories participated in the event to assess their skills in responding to cyber-incidents on the National Guard computer network.

Furthermore, the Automation Federation is the host organization for the LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity) Program, an ongoing collaboration of major oil and natural gas companies and the US Department of Homeland Security, Science and Technology Directorate. LOGIIC undertakes collaborative research and development projects to improve the level of cybersecurity in critical systems of interest to the oil and natural gas sector.